Facebook will pay a record-breaking $7.26 billion penalty – and submit to new restrictions that will hold the company accountable for the decisions it makes about users’ privacy – to settle US Federal Trade Commission (FTC) charges.
The penalty is the largest ever imposed on any company for violating consumers’ privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide.
The settlement order also imposes unprecedented new restrictions on Facebook’s business operations and creates multiple channels of compliance.
The order requires Facebook to restructure its approach to privacy from the corporate board-level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight.
“Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers’ choices,” said FTC chairman Joe Simons.
“The relief is designed not only to punish future violations but, more importantly, to change Facebook’s entire privacy culture to decrease the likelihood of continued violations.”
Following a year-long investigation, the US Department of Justice will file a complaint on behalf of the FTC alleging that Facebook repeatedly used deceptive disclosures and settings to undermine users’ privacy preferences.
These tactics allowed the company to share users’ personal information with third-party apps that were downloaded by users’ Facebook ‘friends’.
The FTC alleges that many users were unaware that Facebook was sharing such information and therefore did not take the steps needed to opt out of sharing.
In addition, the FTC alleges that Facebook took inadequate steps to deal with apps that it knew were violating its platform policies.
To prevent Facebook from deceiving its users about privacy in the future, the FTC’s new 20-year settlement order overhauls the way the company makes privacy decisions by boosting the transparency of decision-making and holding Facebook accountable via overlapping channels of compliance.
Additionally, the order imposes significant new privacy requirements, including the following:
- Facebook must exercise greater oversight over third-party apps, including by terminating app developers that fail to certify they are in compliance with Facebook’s platform policies or fail to justify their need for specific user data.
- Facebook is prohibited from using telephone numbers obtained to enable a security feature (e.g., two-factor authentication) for advertising.
- Facebook must provide clear and conspicuous notice of its use of facial recognition technology, and obtain affirmative express user consent prior to any use that materially exceeds its prior disclosures to users.
- Facebook must establish, implement and maintain a comprehensive data security program.
- Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plain text.
- Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.
Do you use Facebook regularly? Are you worried about your privacy when you use social media? Do you think you will ever be able to trust Facebook again?